def rekey_file(self, filename, new_password):
check_prereqs()
prev = os.stat(filename)
ciphertext = self.read_data(filename)
try:
plaintext = self.vault.decrypt(ciphertext)
except AnsibleError as e:
raise AnsibleError("%s for %s" % (to_bytes(e),to_bytes(filename)))
new_vault = VaultLib(new_password)
new_ciphertext = new_vault.encrypt(plaintext)
self.write_data(new_ciphertext, filename)
# preserve permissions
os.chmod(filename, prev.st_mode)
os.chown(filename, prev.st_uid, prev.st_gid)
评论列表
文章目录
